CN-121188813-B - Cloud archive intelligent management method and system
Abstract
The application provides a cloud archive intelligent management method and system, relating to the field of cloud archive management. It addresses the technical problem that existing archive systems lack an adaptive access control mechanism based on data content characteristics and dynamic changes in importance, and therefore have difficulty achieving fine-grained, differentiated and continuously matched security protection. The method comprises: classifying archive data into storage units according to its attributes, each storage unit being provided with an attribute tag; setting access attributes of each storage unit based on its attribute tag, the access attributes being the conditions required for the storage unit to be accessed; receiving a request instruction sent by a client, generating a permission decision result based on the request instruction and the access attributes, and returning desensitized feedback to the client; and dynamically adjusting the storage location of the archive data every analysis period. The cloud archive management method and device are used in the cloud archive management process.
Inventors
- YUAN CHENG
- CAI MEI
- YUAN FENG
- ZHANG CHUNMEI
- ZHANG WEIHUA
- PENG JIAN
Assignees
- 鼎信数智技术集团股份有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20250916
Claims (7)
- 1. A cloud archive intelligent management method, characterized by comprising the following steps: classifying archive data into storage units according to its attributes, wherein each storage unit is provided with an attribute tag, the attributes of the archive data represent the characteristics of the archive data, the attribute tags of the storage units represent the characteristics of the storage units, and the attributes of the archive data correspond to the attribute tags of the storage units; analyzing the semantic text of the archive data, and carrying out semantic vector conversion on the semantic text to obtain semantic vectors of the archive data to be classified; carrying out semantic similarity analysis on the semantic vectors of the archive data to be classified and the semantic vectors of the attribute tags, and storing the archive data to be classified into the storage unit with the maximum similarity value; setting access attributes of each storage unit based on the attribute tag of the storage unit, wherein the access attributes are the conditions required for the storage unit to be accessed; analyzing importance factors of the attribute tags, wherein the importance factors comprise sensitive factors and key factors; By the formula Calculating to obtain an importance index ZYS of the storage unit, wherein MZ is a sensitive factor, XZ is a key factor, W1 and W2 are weight coefficients, and W1+W2=1; dividing the storage units into a plurality of predefined importance levels based on the importance indexes, wherein storage units with different importance levels are provided with access attributes of different levels, and the access attributes at least comprise a subject attribute, an environment attribute and an operation attribute; receiving a request instruction sent by a client, generating a permission decision result based on the request instruction and the access attributes, and returning desensitized feedback to the client, which comprises: receiving a request instruction sent by a client, extracting basic information of the client from the request instruction, and filling the basic information into the corresponding access attribute fields to generate a group of standardized context attributes, wherein the basic information at least comprises a user identity, a client IP address and a request operation type; logically matching the context attributes with a policy rule in a server to obtain a logic matching result, wherein the policy rule is formed by connecting a plurality of atomic conditions with logical operators, and each atomic condition makes a logical judgment on at least one of the context attributes; generating a permission decision result according to the logic matching result, wherein the permission decision result is either to permit the user's request instruction or to refuse the user's request instruction; and dynamically adjusting the storage location of the archive data every analysis period.
- 2. The cloud archive intelligent management method of claim 1, wherein the archive data is stored in a storage unit with the highest similarity value if the attribute of the archive data is not matched with the attribute label of any storage unit.
- 3. The cloud archive intelligent management method of claim 1, wherein the sensitive factor is obtained by extracting the sensitive data and non-sensitive data of an attribute tag through a pre-trained NLP model, and calculating the ratio of the sensitive data to the non-sensitive data to obtain the sensitive factor of the storage unit; and the key factor is obtained by extracting key data of the attribute tag, wherein the key data at least comprise project investment and business processes, inputting the key data into an MLP model, and evaluating the key factor of the storage unit.
- 4. The cloud archive intelligent management method of claim 1, wherein the desensitized feedback to the client comprises: dynamically generating, according to the permission decision result, a digital watermark containing user identity information and an access timestamp, and returning the digital watermark to the client after superimposing it on the archive content to be accessed.
- 5. The cloud archive intelligent management method of claim 1, wherein the storing and adjusting of archive data every analysis period comprises: analyzing sensitivity factors, criticality factors, access factors and time attenuation factors of the archive data, wherein the access factor represents the access frequency in the analysis period, and the time attenuation factor represents the attenuation of the archive data over time; By the formula Calculating to obtain an importance index DAS of the archive data, wherein MDZ is a sensitive factor of the archive data, XDZ is a key factor of the archive data, FDZ is an access factor, SDZ is a time attenuation factor, and Q1, Q2, Q3 and Q4 are all weight coefficients, and Q1+Q2+Q3+Q4=1; comparing the importance index of the archive data with the importance indexes of the storage units, and, when the importance index of at least one storage unit is greater than or equal to the importance index of the archive data, selecting from the at least one storage unit the storage unit whose importance index differs least from that of the archive data as the target storage unit; and storing the archive data in the target storage unit.
- 6. The cloud archive intelligent management method of claim 5, wherein the time attenuation factor comprises: the current time and the creation time of the file data are extracted through the formula Calculating a time attenuation factor SDZ of the archive data, wherein, In order for the attenuation coefficient to be a factor, 。
- 7. A cloud archive intelligent management system, characterized by comprising a data archiving module, a permission management module and a resource optimization module; the data archiving module is used for classifying archive data into storage units according to its attributes, wherein each storage unit is provided with an attribute tag, the attributes of the archive data represent the characteristics of the archive data, the attribute tags of the storage units represent the characteristics of the storage units, and the attributes of the archive data correspond to the attribute tags of the storage units; analyzing the semantic text of the archive data, and carrying out semantic vector conversion on the semantic text to obtain semantic vectors of the archive data to be classified; carrying out semantic similarity analysis on the semantic vectors of the archive data to be classified and the semantic vectors of the attribute tags, and storing the archive data to be classified into the storage unit with the maximum similarity value; the permission management module sets access attributes of each storage unit based on the attribute tag of the storage unit, wherein the access attributes are the conditions required for the storage unit to be accessed; analyzing importance factors of the attribute tags, wherein the importance factors comprise sensitive factors and key factors; By the formula Calculating to obtain an importance index ZYS of the storage unit, wherein MZ is a sensitive factor, XZ is a key factor, W1 and W2 are weight coefficients, and W1+W2=1; dividing the storage units into a plurality of predefined importance levels based on the importance indexes, wherein storage units with different importance levels are provided with access attributes of different levels, and the access attributes at least comprise a subject attribute, an environment attribute and an operation attribute; receiving a request instruction sent by a client, generating a permission decision result based on the request instruction and the access attributes, and returning desensitized feedback to the client, which comprises: receiving a request instruction sent by a client, extracting basic information of the client from the request instruction, and filling the basic information into the corresponding access attribute fields to generate a group of standardized context attributes, wherein the basic information at least comprises a user identity, a client IP address and a request operation type; logically matching the context attributes with a policy rule in a server to obtain a logic matching result, wherein the policy rule is formed by connecting a plurality of atomic conditions with logical operators, and each atomic condition makes a logical judgment on at least one of the context attributes; generating a permission decision result according to the logic matching result, wherein the permission decision result is either to permit the user's request instruction or to refuse the user's request instruction; and the resource optimization module is used for dynamically adjusting the storage location of the archive data every analysis period.
Description
Cloud archive intelligent management method and system
Technical Field
The application relates to the field of cloud archive management, in particular to a cloud archive intelligent management method and system.
Background
With the wide application of cloud computing and big data technology, the volume of archive data generated by enterprises and public institutions is growing rapidly and its types are increasingly complex, which places higher requirements on the intelligence, security and dynamic adaptability of archive management systems. For access control, existing systems generally adopt role-based access control or static permission lists; the permission policy is disconnected from the characteristics of the data content, so differentiated protection cannot be applied according to the actual sensitivity and business criticality of the data. In particular, when the importance of archive data changes with time, frequency of use or business state, the system lacks a dynamic adjustment mechanism, so high-value data may be stored in a low-security-level area, or the access policy may lag behind the actual risk, which creates serious security risks.
Disclosure of Invention
The application provides a cloud archive intelligent management method and system, which address the technical problem that existing archive systems lack an adaptive access control mechanism based on data content characteristics and dynamic changes in importance, and therefore have difficulty achieving fine-grained, differentiated and continuously matched security protection.
In order to achieve the above purpose, the application adopts the following technical scheme. In a first aspect, a cloud archive intelligent management method is provided, including:
- classifying archive data into storage units according to its attributes, wherein each storage unit is provided with an attribute tag, the attributes of the archive data represent the characteristics of the archive data, the attribute tags of the storage units represent the characteristics of the storage units, and the attributes of the archive data correspond to the attribute tags of the storage units;
- setting access attributes of each storage unit based on the attribute tag of the storage unit, wherein the access attributes are the conditions required for the storage unit to be accessed;
- receiving a request instruction sent by a client, generating a permission decision result based on the request instruction and the access attributes, and returning desensitized feedback to the client;
- and dynamically adjusting the storage location of the archive data every analysis period.
According to the technical scheme, the cloud archive intelligent management method matches the attribute characteristics of archive data with the attribute tags of the storage units, which achieves classified storage of the archive data and ensures the semantic consistency and logical soundness of data grouping. Corresponding access attributes, that is, the security conditions that must be met when a unit is accessed, are set according to the attribute tags of the storage units, so that the permission control policy is coordinated with the characteristics of the stored content. After an access request from a client is received, the content of the request instruction is parsed, a permission judgment is made in combination with the configured access attributes, a permit or refuse decision result is generated, and feedback is returned to the client in desensitized form to prevent leakage of sensitive information. Meanwhile, the system evaluates and dynamically adjusts the storage locations of the archive data in each preset analysis period, ensuring that data is migrated in time to the matching storage unit as its attributes or importance change. As a whole, the mechanism achieves intelligent classification, on-demand protection, secure response and dynamic optimization of archive data, and significantly improves the intelligence, security and long-term adaptability of storage management.
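The permission decision of claim 1 (context attributes built from the request, then matched against a policy rule made of atomic conditions joined by logical operators) can be sketched as follows. This is an added example, not code from the patent; the attribute field names, level names, users, network range and rules are all constructed assumptions.

```python
import ipaddress

# Atomic conditions: each one judges a single context attribute.
def attr_in(name, allowed):
    return lambda ctx: ctx.get(name) in allowed

def ip_in(name, cidr):
    net = ipaddress.ip_network(cidr)
    def check(ctx):
        try:
            return ipaddress.ip_address(ctx[name]) in net
        except (KeyError, ValueError):
            return False  # missing or malformed address never matches
    return check

# Logical operators that join atomic conditions into a policy rule.
def all_of(*conds):
    return lambda ctx: all(c(ctx) for c in conds)

def any_of(*conds):
    return lambda ctx: any(c(ctx) for c in conds)

def build_context(request):
    # Fill the request's basic information into standardized attribute fields.
    # Assumption: client_ip was recorded by the server from the connection.
    return {
        "subject.user": request.get("user"),
        "environment.ip": request.get("client_ip"),
        "operation.type": request.get("op"),
    }

# Constructed sample policy rules, one per importance level of a storage unit.
POLICY_RULES = {
    "low": all_of(
        attr_in("operation.type", {"read", "download"}),
        any_of(ip_in("environment.ip", "10.20.0.0/16"),
               attr_in("subject.user", {"alice", "bob", "carol"})),
    ),
    "high": all_of(
        attr_in("subject.user", {"alice"}),
        ip_in("environment.ip", "10.20.0.0/16"),
        attr_in("operation.type", {"read"}),
    ),
}

def decide(request, unit_level):
    # Fail closed: an unknown level or any unmet condition yields "deny".
    rule = POLICY_RULES.get(unit_level)
    return "permit" if rule and rule(build_context(request)) else "deny"
```

The higher importance level requires every subject, environment and operation condition to hold, while a missing attribute or an unrecognized level is refused rather than permitted.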
With reference to the first aspect, in one possible implementation manner, the classifying of the archive data into each storage unit according to the attribute includes:
- analyzing the semantic text of the archive data, and carrying out semantic vector conversion on the semantic text to obtain semantic vectors of the archive data to be classified;
- and carrying out semantic similarity analysis on the semantic vectors of the archive data to be classified and the semantic vectors of the attribute tags, and storing the archive data to be classified into the storage unit with the maximum similarity value.
With reference to the first aspect, in one possible implementation manner, when the attribute of the archive data does not match the attribute tag of any storage unit, the archive data is stored in the storage unit with the largest similarity value.
With referenc